General

  • Target: 1237670de207f0cdde59af6d8200f8fd_JaffaCakes118

  • Size: 86KB

  • Sample: 241004-g819zstbja

  • MD5: 1237670de207f0cdde59af6d8200f8fd

  • SHA1: 767aaa193ad03b5d526db432006758cc5e19b2cb

  • SHA256: 8d27140434642bb8bea27ded40363931117778e72bb6185aa752b844e82e5c0d

  • SHA512: cea94fef0f571a783adbb65bec7eec799ad761aecae534341b40a685af0170e6e1fd748cf7e8187c4bac6d333c30aa3ab18837f507985842aefe59275497d105

  • SSDEEP: 1536:DE20Bp4Gj4tVY11hK4+6eJr0+g+Jz7WTuMAj3gBaESJRaSD:E4oFc4+6eJrxg+pWTuMAj3gA/D

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks